Data Sheet
Cisco VPN Acceleration Module 2+
Overview
The VPN Acceleration Module 2+ (VAM2+) for Cisco 7301 and 7200VXR Series routers provides
high-performance encryption/compression and key generation services for IPSec virtual private
network (VPN) applications. Like the VAM2, the VAM2+ supports both Data Encryption Standard
(DES), triple DES, and Advanced Encryption Standard (AES) 128-bit keys but adds hardwareacceleration for 192 and 256-bit AES keys. The VAM2+ continues to provide hardware-assisted
Layer-3 compression services integral with its encryption services, conserving bandwidth and
lowering network connection costs over secured links. This combination of security features and
advanced network services offers a flexible, integrated approach to accommodate the most
diverse enterprise or service provider network environments.
Features at a Glance
The VAM2+ supports DES, 3DES, and AES IPSec encryption at up to 280 Mbps while maintaining
support for 5000 simultaneous tunnels. The VAM2+ also integrates hardware-assisted RSA and IP
Payload Compression Protocol (IPPCP) Lempel-Ziv-Stac (LZS) compression, accelerating RSA
processing speeds, tunnel setup and creation time improving overall VPN initialization while
compressing payload data for streamlined communications. Thus in those environments where
bandwidth is costly, VAM2+ is able to compress network traffic before it is encrypted and sent over
pay-per-byte WAN connections saving transmission costs and improving overall throughput.
Features
Description
Physical
Service adapter-Installs in a single port adapter slot on the Cisco 7301 or
7200 Series routers
Platform support
Cisco 7301 and 7200 Series with NPEG2, NPE G1 or NPE-400
Throughput—Single VAM2+*
Up to 280 Mbps using 3DES or AES
Number of IPSec protected tunnels**
Up to 5000 tunnels
Hardware-based encryption
Data protection: IPSec DES, 3DES, AES
Authentication: RSA and Diffie-Hellman
Data integrity: SHA-1 and Message Digest 5 (MD5)
VPN tunneling
IPSec tunnel mode; generic routing encapsulation (GRE) and Layer 2
Tunneling Protocol (L2TP) protected by IPSec
Hardware-based compression
Layer 3 IPPCP LZS
LAN/WAN interface selection
On the Cisco 7200 Series, VAM2+ works with most Cisco 7200 VXRcompatible port adapters
Minimum Cisco IOS Software Release
supported
12.3(12) or 12.3(11)T3 Advanced Security or higher feature set
Standards supported
IPSec/IKE: RFCs 2401-2411, 2451
IPPCP: RFC 2393, 2395
*As measured with IPSec 3DES HMAC-SHA1 on 1400 byte packets.
**512MB of memory is required to support 5000 tunnels.
© 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 1 of 1
Data Sheet
Cisco Management Software for IPSec VPNs
Single Device Management
®
The Cisco Router and Security Device Manager (SDM) is an intuitive, Web-based device
®
management tool for Cisco IOS routers. Cisco SDM simplifies router and security configuration
through intelligent wizards, enabling customers to quickly and easily deploy, configure, and
monitor a Cisco router without requiring knowledge of the Cisco IOS Software command-line
interface (CLI). http://www.cisco.com/en/US/partner/products/sw/secursw/ps5318/index.html
Multiple Device Management
Cisco Security Manager (CS Manager), an integral part of the SAFE blueprint for network security,
combines Web-based tools for configuring, monitoring, and troubleshooting enterprise virtual
private networks (VPNs), firewalls, and network and host-based intrusion detection systems (IDS).
CS Manager delivers the industry's first robust and scalable foundation and feature set that
addresses the needs of small and large-scale VPN and security deployments.
For more information about Cisco Security Manager 3.1, visit http://www.cisco.com/go/csmanager
Ordering Information
®
VAM2+ support begins in Cisco IOS Software Release 12.3(12) or 12.3(11)T3 advanced security
or higher feature set. Cisco 7301 and 7200 security bundles are currently available that include
VAM2+ for easy ordering at a bundle discount.
Part Number
Description
SA-VAM2+
VPN Acceleration Module 2+ for the Cisco 7301 and 7200 Series
SA-VAM2+=
VPN Acceleration Module 2+ for the Cisco 7301 and 7200 Series, Spare
7206VXRG2/2+VPNK9
Cisco 7206 VXR chassis, NPE-G2 , VAM2+ Bundle (includes Chassis, NPE, VAM2+, PA Jacket
Card & Advanced Security image)
7206VXRG1/2+VPNK9
Cisco 7206 VXR chassis, NPE-G1 , VAM2+ Bundle (includes Chassis, NPE, VAM2+ & Advanced
Security image)
CISCO7301/2+VPNK9
Cisco 7301 chassis (with integrated NPE-G1) & VAM2+ Bundle (includes Chassis, NPE, VAM2+
& Advanced Security image)
Export Regulations
3DES software for the VAM2+ is controlled by U.S. export regulations on encryption products. The
module itself is not controlled. U.S. regulations require the recording of names and addresses of
recipients of DES and 3DES software. For more details, see
http://www.cisco.com/wwl/export/crypto/.
© 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 2 of 3
Data Sheet
Certifications
Cisco is committed to maintaining an active product certification and evaluation program for
customer’s worldwide. We recognize that certifications and evaluations are important to our
customers, and we continue to be a leader in providing certified and evaluated products to the
marketplace. We also will continue to work with international security standards bodies to help
shape the future of certified and evaluated products, and will work to accelerate certification and
evaluation processes. Certification and evaluation are considered at the earliest part of our product
development cycle, and we will continue to position our security products to insure that customers
have a variety of certified and evaluated products to meet their needs. For security certification
product details, see
http://www.cisco.com/en/US/partner/netsol/ns340/ns394/ns171/networking_solutions_audience_b
usiness_benefit0900aecd8009a16f.html
Printed in USA
© 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
C78-480142-01 09/08
Page 3 of 3